Privacy Policy

Kulu's Privacy Policy - Learn how we collect, use, and protect your personal data.

Privacy Policy

Last Updated: April 2026

Welcome to Kulu ("we", "us", "our", or "Company"). We are committed to protecting your data and privacy. This Privacy Policy explains how we handle your personal data when you use the Kulu Portal, Kulu Meet, and related services (together, the "Services").

Data We Process

Kulu processes only the data necessary to operate Kulu Portal and Kulu Meet effectively.

Account & Identification Data

  • Email address
  • Name
  • Organization name and details
  • Login credentials and access tokens

Used to authenticate you and secure your account.

Kulu Meet — Voice, Video & Screen Sharing Data

When you participate in a meeting using Kulu Meet, we process:

Voice & Transcription

  • Audio you speak into your microphone
  • Speech-to-text transcripts
  • AI-generated responses

Used to deliver real-time onboarding guidance.

Video Recording

Kulu Meet supports optional video recording of sessions.

  • Video recording is enabled by default and can be explicitly disabled by the organisation before a session begins.
  • Participants are notified when video recording is active and may opt out at any time during the session.
  • Recorded video is retained for 30 days and then automatically deleted.
  • Video recordings are used solely for quality assurance and service improvement. We do not use video recordings to train AI/ML models.

Screen Sharing Data

When you choose to share your screen, we may process:

  • visual content from the shared screen

Knowledge Base Content

If your organisation uploads documents to Kulu Portal (e.g., onboarding guides), we process:

  • file contents
  • extracted text
  • generated embeddings

This allows the AI assistant to use your organisation's knowledge during meetings.

Chat & Interaction Data

  • User questions
  • AI assistant responses
  • Timestamps and interaction metadata

Used to provide contextual responses and improve meeting continuity.

Usage Analytics

When you use our web applications, we collect usage analytics to understand how our services are used and to improve the product experience. This may include:

  • Page views and navigation paths
  • UI interactions
  • Browser type, OS, and device information
  • Internal user ID, email, and name

Session Replay

On Kulu Meet, we also capture session replay data to diagnose issues and improve the product. Session replay is limited to the Kulu Meet interface and does not capture your full screen, other browser tabs, or other applications. Sensitive fields (such as password inputs and elements designated for exclusion) are masked and not collected.

Session replay data is used solely for debugging, quality assurance, and product improvement. It is not used to train AI/ML models.

End-User Data

For end users who participate in onboarding sessions via Kulu Meet, we may collect:

  • Email address (if the user provides it) — used solely to identify who participated in a meeting. We do not send marketing or promotional content to end-user email addresses.
  • Name and internal user ID, where provided, to associate activity with the correct participant.
  • Onboarding funnel events, such as when a session is opened, when the user joins, mutes, unmutes, shares their screen, or leaves.
  • Session replay data from the Kulu Meet interface, as described in Session Replay. Session replay is limited to the Kulu Meet interface and does not capture other browser tabs, the user's desktop, or other applications.

This data is used to provide your organisation with onboarding analytics, to debug issues, and to monitor service quality. We do not use end-user data to train AI/ML models.

Technical & Operational Data

  • API logs
  • Performance metrics
  • Error and diagnostic data

Used to maintain reliability, security, and service stability.

How We Use Your Data

We use your data to:

  • operate and improve Kulu Portal and Kulu Meet
  • provide real-time AI onboarding (voice, screen awareness, contextual guidance)
  • personalise your experience based on organisation and meeting context
  • authenticate accounts and prevent misuse
  • monitor performance and diagnose issues
  • deliver billing and subscription services
  • send essential service notifications
  • send optional product updates (you may unsubscribe at any time)
  • run aggregated or anonymised analytics to improve service quality

We do not use your voice recordings, video recordings, transcripts, or meeting data to train AI models. All meeting data — including voice, video, and screen sharing — is processed solely for quality assurance, product stability, and delivering real-time onboarding guidance. We do not sell identifiable data or share it with marketers.

Data Security

We implement appropriate security measures to protect your data:

Encryption

  • In Transit – All data transmitted to and from our services is encrypted using TLS 1.2 or higher
  • At Rest – Sensitive data is encrypted at rest using industry-standard encryption algorithms

Access Controls

  • Authentication – Secure authentication mechanisms for all user accounts
  • Authorization – Role-based access control (RBAC) ensures users only access data they need
  • Audit Logging – All access to sensitive data is logged and monitored

Infrastructure Security

  • Network Security – Firewalls, intrusion detection, and DDoS protection
  • Regular Updates – Timely patching and updates of all systems
  • Vulnerability Management – Periodic security reviews

Data Storage

All personal data is stored securely within our managed cloud infrastructure. Screen-sharing data is processed in real time and is not retained. Video recordings, when enabled, are stored securely and automatically deleted after 30 days. Data transmission is encrypted using HTTPS.

Data Retention

We retain personal data only for as long as necessary to deliver and maintain our Services, or as required by applicable law.

Audio & Video Recording Retention

Audio recordings from Kulu Meet sessions are automatically deleted after 30 days. Video recordings, when enabled, are automatically deleted after 30 days. This deletion is automated to ensure compliance with data retention policies.

Transcripts and meeting metadata may be retained longer for service continuity and support purposes.

Other Data

Some records (for example, access logs or billing invoices) may be retained for a limited period to meet security, compliance, and accounting obligations. You can request deletion of your data at any time by contacting support@heykulu.ai.

Billing and Fraud Prevention Data

Payment data is processed by Stripe. Kulu does not store full card numbers.

We receive limited billing information such as:

  • subscription plan
  • payment method type
  • billing cycle
  • charge outcomes and retry attempts

Used to operate billing, prevent misuse, and ensure account continuity.

Stripe processes payment information according to its own Privacy Policy.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • access your personal data
  • correct inaccurate information
  • request deletion
  • request a copy of your data

To exercise these rights, please contact us at support@heykulu.ai.

Data Processing Agreement (DPA)

For organizations requiring a Data Processing Agreement, we provide a comprehensive DPA document that outlines data processing terms and security commitments. Download DPA (PDF) In the event of any inconsistency between this Privacy Policy and the DPA, the DPA shall prevail for data-processing matters.

Contact Us

If you have questions about this Privacy Policy or any privacy matters:

📧 Email: support@heykulu.ai

We are committed to working with you to resolve any privacy concerns.